GLBA Privacy Notice | ResMac, Inc.

FACTS

WHAT DOES RESMAC, INC. DO WITH YOUR PERSONAL INFORMATION?

Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some — but not all — sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

Social Security number and income
Account balances and transaction history
Credit history and credit scores
Employment information and assets

When you are no longer our customer, we continue to share your information as described in this notice.

How?

All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons ResMac chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information	Does ResMac share?	Can you limit this sharing?
For our everyday business purposes — such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus	YES	NO
For our marketing purposes — to offer our products and services to you	YES	NO
For joint marketing with other financial companies	NO	We don't share
For our affiliates' everyday business purposes — information about your transactions and experiences	NO	We don't share
For our affiliates' everyday business purposes — information about your creditworthiness	NO	We don't share
For our affiliates to market to you	NO	We don't share
For nonaffiliates to market to you	NO	We don't share

Questions?

Call (949) 433-7819 or email info@resmac.com

What we do

How does ResMac protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards, secured files and buildings, and access controls limiting employee access to a need-to-know basis. We use commercially reasonable encryption (TLS in transit; encryption at rest where applicable), multi-factor authentication on internal systems, and annual employee security training.

How does ResMac collect my personal information?

We collect your personal information, for example, when you:

Apply for a loan or give us your contact information
Provide your employment or income information
Show your government-issued ID or give us your bank statements
Use our website or call our customer service line

We also collect your personal information from others, such as credit bureaus, affiliates, employers, banks, or other companies.

Why can't I limit all sharing?

Federal law gives you the right to limit only:

Sharing for affiliates' everyday business purposes — information about your creditworthiness
Affiliates from using your information to market to you
Sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. If you are a California resident, see our California Privacy Rights section for additional rights granted under the CCPA/CPRA.

Definitions

Affiliates — Companies related by common ownership or control. They can be financial and nonfinancial companies. ResMac currently has no affiliates.
Nonaffiliates — Companies not related by common ownership or control. They can be financial and nonfinancial companies. ResMac does not share with nonaffiliates so they can market to you.
Joint marketing — A formal agreement between nonaffiliated financial companies that together market financial products or services to you. ResMac does not jointly market.

⚠️ Compliance officer review needed: Confirm the "What we do" responses (especially regarding affiliates, joint marketing, and nonaffiliate sharing) accurately reflect ResMac's actual data sharing practices. Update any responses that don't match real-world operations before publication.